Documentation ¶
Index ¶
- type AuthBackendLogin
- type AuthBackendLoginArgs
- type AuthBackendLoginArray
- type AuthBackendLoginArrayInput
- type AuthBackendLoginArrayOutput
- func (AuthBackendLoginArrayOutput) ElementType() reflect.Type
- func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput
- func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
- func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
- type AuthBackendLoginInput
- type AuthBackendLoginMap
- type AuthBackendLoginMapInput
- type AuthBackendLoginMapOutput
- func (AuthBackendLoginMapOutput) ElementType() reflect.Type
- func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput
- func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
- func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
- type AuthBackendLoginOutput
- func (o AuthBackendLoginOutput) Accessor() pulumi.StringOutput
- func (o AuthBackendLoginOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendLoginOutput) ClientToken() pulumi.StringOutput
- func (AuthBackendLoginOutput) ElementType() reflect.Type
- func (o AuthBackendLoginOutput) LeaseDuration() pulumi.IntOutput
- func (o AuthBackendLoginOutput) LeaseStarted() pulumi.StringOutput
- func (o AuthBackendLoginOutput) Metadata() pulumi.StringMapOutput
- func (o AuthBackendLoginOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendLoginOutput) Policies() pulumi.StringArrayOutput
- func (o AuthBackendLoginOutput) Renewable() pulumi.BoolOutput
- func (o AuthBackendLoginOutput) RoleId() pulumi.StringOutput
- func (o AuthBackendLoginOutput) SecretId() pulumi.StringPtrOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
- type AuthBackendLoginState
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) BindSecretId() pulumi.BoolPtrOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) RoleId() pulumi.StringOutput
- func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput
- func (o AuthBackendRoleOutput) SecretIdBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) SecretIdNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) SecretIdTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
- type AuthBackendRoleSecretId
- type AuthBackendRoleSecretIdArgs
- type AuthBackendRoleSecretIdArray
- func (AuthBackendRoleSecretIdArray) ElementType() reflect.Type
- func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
- func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
- type AuthBackendRoleSecretIdArrayInput
- type AuthBackendRoleSecretIdArrayOutput
- func (AuthBackendRoleSecretIdArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIdArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
- func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
- type AuthBackendRoleSecretIdInput
- type AuthBackendRoleSecretIdMap
- func (AuthBackendRoleSecretIdMap) ElementType() reflect.Type
- func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
- func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
- type AuthBackendRoleSecretIdMapInput
- type AuthBackendRoleSecretIdMapOutput
- func (AuthBackendRoleSecretIdMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIdMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
- func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
- type AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdOutput) Accessor() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendRoleSecretIdOutput) CidrLists() pulumi.StringArrayOutput
- func (AuthBackendRoleSecretIdOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIdOutput) Metadata() pulumi.StringPtrOutput
- func (o AuthBackendRoleSecretIdOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleSecretIdOutput) RoleName() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) SecretId() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdOutput) WithWrappedAccessor() pulumi.BoolPtrOutput
- func (o AuthBackendRoleSecretIdOutput) WrappingAccessor() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) WrappingToken() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) WrappingTtl() pulumi.StringPtrOutput
- type AuthBackendRoleSecretIdState
- type AuthBackendRoleState
- type GetAuthBackendRoleIdArgs
- type GetAuthBackendRoleIdOutputArgs
- type GetAuthBackendRoleIdResult
- type GetAuthBackendRoleIdResultOutput
- func (o GetAuthBackendRoleIdResultOutput) Backend() pulumi.StringPtrOutput
- func (GetAuthBackendRoleIdResultOutput) ElementType() reflect.Type
- func (o GetAuthBackendRoleIdResultOutput) Id() pulumi.StringOutput
- func (o GetAuthBackendRoleIdResultOutput) Namespace() pulumi.StringPtrOutput
- func (o GetAuthBackendRoleIdResultOutput) RoleId() pulumi.StringOutput
- func (o GetAuthBackendRoleIdResultOutput) RoleName() pulumi.StringOutput
- func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput() GetAuthBackendRoleIdResultOutput
- func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext(ctx context.Context) GetAuthBackendRoleIdResultOutput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackendLogin ¶
type AuthBackendLogin struct { pulumi.CustomResourceState // The accessor for the token. Accessor pulumi.StringOutput `pulumi:"accessor"` // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrOutput `pulumi:"backend"` // The Vault token created. ClientToken pulumi.StringOutput `pulumi:"clientToken"` // How long the token is valid for, in seconds. LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"` // The date and time the lease started, in RFC 3339 format. LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"` // The metadata associated with the token. Metadata pulumi.StringMapOutput `pulumi:"metadata"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // A list of policies applied to the token. Policies pulumi.StringArrayOutput `pulumi:"policies"` // Whether the token is renewable or not. Renewable pulumi.BoolOutput `pulumi:"renewable"` // The ID of the role to log in with. RoleId pulumi.StringOutput `pulumi:"roleId"` // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrOutput `pulumi:"secretId"` }
Logs into Vault using the AppRole auth backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } id, err := appRole.NewAuthBackendRoleSecretId(ctx, "id", &appRole.AuthBackendRoleSecretIdArgs{ Backend: approle.Path, RoleName: example.RoleName, }) if err != nil { return err } _, err = appRole.NewAuthBackendLogin(ctx, "login", &appRole.AuthBackendLoginArgs{ Backend: approle.Path, RoleId: example.RoleId, SecretId: id.SecretId, }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
func GetAuthBackendLogin ¶
func GetAuthBackendLogin(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendLogin ¶
func NewAuthBackendLogin(ctx *pulumi.Context, name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendLogin) ElementType ¶
func (*AuthBackendLogin) ElementType() reflect.Type
func (*AuthBackendLogin) ToAuthBackendLoginOutput ¶
func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (*AuthBackendLogin) ToAuthBackendLoginOutputWithContext ¶
func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginArgs ¶
type AuthBackendLoginArgs struct { // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The ID of the role to log in with. RoleId pulumi.StringInput // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendLogin resource.
func (AuthBackendLoginArgs) ElementType ¶
func (AuthBackendLoginArgs) ElementType() reflect.Type
type AuthBackendLoginArray ¶
type AuthBackendLoginArray []AuthBackendLoginInput
func (AuthBackendLoginArray) ElementType ¶
func (AuthBackendLoginArray) ElementType() reflect.Type
func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutput ¶
func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext ¶
func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
type AuthBackendLoginArrayInput ¶
type AuthBackendLoginArrayInput interface { pulumi.Input ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput ToAuthBackendLoginArrayOutputWithContext(context.Context) AuthBackendLoginArrayOutput }
AuthBackendLoginArrayInput is an input type that accepts AuthBackendLoginArray and AuthBackendLoginArrayOutput values. You can construct a concrete instance of `AuthBackendLoginArrayInput` via:
AuthBackendLoginArray{ AuthBackendLoginArgs{...} }
type AuthBackendLoginArrayOutput ¶
type AuthBackendLoginArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginArrayOutput) ElementType ¶
func (AuthBackendLoginArrayOutput) ElementType() reflect.Type
func (AuthBackendLoginArrayOutput) Index ¶
func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput
func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput ¶
func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext ¶
func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
type AuthBackendLoginInput ¶
type AuthBackendLoginInput interface { pulumi.Input ToAuthBackendLoginOutput() AuthBackendLoginOutput ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput }
type AuthBackendLoginMap ¶
type AuthBackendLoginMap map[string]AuthBackendLoginInput
func (AuthBackendLoginMap) ElementType ¶
func (AuthBackendLoginMap) ElementType() reflect.Type
func (AuthBackendLoginMap) ToAuthBackendLoginMapOutput ¶
func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
func (AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext ¶
func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
type AuthBackendLoginMapInput ¶
type AuthBackendLoginMapInput interface { pulumi.Input ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput ToAuthBackendLoginMapOutputWithContext(context.Context) AuthBackendLoginMapOutput }
AuthBackendLoginMapInput is an input type that accepts AuthBackendLoginMap and AuthBackendLoginMapOutput values. You can construct a concrete instance of `AuthBackendLoginMapInput` via:
AuthBackendLoginMap{ "key": AuthBackendLoginArgs{...} }
type AuthBackendLoginMapOutput ¶
type AuthBackendLoginMapOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginMapOutput) ElementType ¶
func (AuthBackendLoginMapOutput) ElementType() reflect.Type
func (AuthBackendLoginMapOutput) MapIndex ¶
func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput
func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput ¶
func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext ¶
func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
type AuthBackendLoginOutput ¶
type AuthBackendLoginOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginOutput) Accessor ¶
func (o AuthBackendLoginOutput) Accessor() pulumi.StringOutput
The accessor for the token.
func (AuthBackendLoginOutput) Backend ¶
func (o AuthBackendLoginOutput) Backend() pulumi.StringPtrOutput
The unique path of the Vault backend to log in with.
func (AuthBackendLoginOutput) ClientToken ¶
func (o AuthBackendLoginOutput) ClientToken() pulumi.StringOutput
The Vault token created.
func (AuthBackendLoginOutput) ElementType ¶
func (AuthBackendLoginOutput) ElementType() reflect.Type
func (AuthBackendLoginOutput) LeaseDuration ¶
func (o AuthBackendLoginOutput) LeaseDuration() pulumi.IntOutput
How long the token is valid for, in seconds.
func (AuthBackendLoginOutput) LeaseStarted ¶
func (o AuthBackendLoginOutput) LeaseStarted() pulumi.StringOutput
The date and time the lease started, in RFC 3339 format.
func (AuthBackendLoginOutput) Metadata ¶
func (o AuthBackendLoginOutput) Metadata() pulumi.StringMapOutput
The metadata associated with the token.
func (AuthBackendLoginOutput) Namespace ¶
func (o AuthBackendLoginOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (AuthBackendLoginOutput) Policies ¶
func (o AuthBackendLoginOutput) Policies() pulumi.StringArrayOutput
A list of policies applied to the token.
func (AuthBackendLoginOutput) Renewable ¶
func (o AuthBackendLoginOutput) Renewable() pulumi.BoolOutput
Whether the token is renewable or not.
func (AuthBackendLoginOutput) RoleId ¶
func (o AuthBackendLoginOutput) RoleId() pulumi.StringOutput
The ID of the role to log in with.
func (AuthBackendLoginOutput) SecretId ¶
func (o AuthBackendLoginOutput) SecretId() pulumi.StringPtrOutput
The secret ID of the role to log in with. Required unless `bindSecretId` is set to false on the role.
func (AuthBackendLoginOutput) ToAuthBackendLoginOutput ¶
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext ¶
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginState ¶
type AuthBackendLoginState struct { // The accessor for the token. Accessor pulumi.StringPtrInput // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrInput // The Vault token created. ClientToken pulumi.StringPtrInput // How long the token is valid for, in seconds. LeaseDuration pulumi.IntPtrInput // The date and time the lease started, in RFC 3339 format. LeaseStarted pulumi.StringPtrInput // The metadata associated with the token. Metadata pulumi.StringMapInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // A list of policies applied to the token. Policies pulumi.StringArrayInput // Whether the token is renewable or not. Renewable pulumi.BoolPtrInput // The ID of the role to log in with. RoleId pulumi.StringPtrInput // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrInput }
func (AuthBackendLoginState) ElementType ¶
func (AuthBackendLoginState) ElementType() reflect.Type
type AuthBackendRole ¶
type AuthBackendRole struct { pulumi.CustomResourceState // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrOutput `pulumi:"backend"` // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrOutput `pulumi:"bindSecretId"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringOutput `pulumi:"roleId"` // The name of the role. RoleName pulumi.StringOutput `pulumi:"roleName"` // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayOutput `pulumi:"secretIdBoundCidrs"` // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrOutput `pulumi:"secretIdNumUses"` // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrOutput `pulumi:"secretIdTtl"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` // The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` }
Manages an AppRole auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } _, err = appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
AppRole authentication backend roles can be imported using the `path`, e.g.
```sh $ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role ```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
type AuthBackendRoleArgs struct { // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrInput // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringPtrInput // The name of the role. RoleName pulumi.StringInput // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayInput // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrInput // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶
type AuthBackendRoleArrayInput interface { pulumi.Input ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput }
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶
type AuthBackendRoleInput interface { pulumi.Input ToAuthBackendRoleOutput() AuthBackendRoleOutput ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput }
type AuthBackendRoleMap ¶
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶
type AuthBackendRoleMapInput interface { pulumi.Input ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput }
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶
type AuthBackendRoleOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleOutput) Backend ¶
func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput
The unique name of the auth backend to configure. Defaults to `approle`.
func (AuthBackendRoleOutput) BindSecretId ¶
func (o AuthBackendRoleOutput) BindSecretId() pulumi.BoolPtrOutput
Whether or not to require `secretId` to be presented when logging in using this AppRole. Defaults to `true`.
func (AuthBackendRoleOutput) ElementType ¶
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) Namespace ¶
func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleOutput) RoleId ¶
func (o AuthBackendRoleOutput) RoleId() pulumi.StringOutput
The RoleID of this role. If not specified, one will be auto-generated.
func (AuthBackendRoleOutput) RoleName ¶
func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput
The name of the role.
func (AuthBackendRoleOutput) SecretIdBoundCidrs ¶
func (o AuthBackendRoleOutput) SecretIdBoundCidrs() pulumi.StringArrayOutput
If set, specifies blocks of IP addresses which can perform the login operation.
func (AuthBackendRoleOutput) SecretIdNumUses ¶
func (o AuthBackendRoleOutput) SecretIdNumUses() pulumi.IntPtrOutput
The number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses.
func (AuthBackendRoleOutput) SecretIdTtl ¶
func (o AuthBackendRoleOutput) SecretIdTtl() pulumi.IntPtrOutput
The number of seconds after which any SecretID expires.
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) TokenBoundCidrs ¶
func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (AuthBackendRoleOutput) TokenExplicitMaxTtl ¶
func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (AuthBackendRoleOutput) TokenMaxTtl ¶
func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenNoDefaultPolicy ¶
func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (AuthBackendRoleOutput) TokenNumUses ¶
func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.
func (AuthBackendRoleOutput) TokenPeriod ¶
func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (AuthBackendRoleOutput) TokenPolicies ¶
func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
func (AuthBackendRoleOutput) TokenTtl ¶
func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenType ¶
func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.
type AuthBackendRoleSecretId ¶
type AuthBackendRoleSecretId struct { pulumi.CustomResourceState // The unique ID for this SecretID that can be safely logged. Accessor pulumi.StringOutput `pulumi:"accessor"` // Unique name of the auth backend to configure. Backend pulumi.StringPtrOutput `pulumi:"backend"` // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayOutput `pulumi:"cidrLists"` // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrOutput `pulumi:"metadata"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The name of the role to create the SecretID for. RoleName pulumi.StringOutput `pulumi:"roleName"` // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringOutput `pulumi:"secretId"` // Set to `true` to use the wrapped secret-id accessor as the resource ID. // If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or // invalidated through unwrapping. WithWrappedAccessor pulumi.BoolPtrOutput `pulumi:"withWrappedAccessor"` // The unique ID for the response-wrapped SecretID that can // be safely logged. WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"` // The token used to retrieve a response-wrapped SecretID. WrappingToken pulumi.StringOutput `pulumi:"wrappingToken"` // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"` }
Manages an AppRole auth backend SecretID in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"encoding/json" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "hello": "world", }) if err != nil { return err } json0 := string(tmpJSON0) _, err = appRole.NewAuthBackendRoleSecretId(ctx, "id", &appRole.AuthBackendRoleSecretIdArgs{ Backend: approle.Path, RoleName: example.RoleName, Metadata: pulumi.String(json0), }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
func GetAuthBackendRoleSecretId ¶
func GetAuthBackendRoleSecretId(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleSecretIdState, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretId, error)
GetAuthBackendRoleSecretId gets an existing AuthBackendRoleSecretId resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRoleSecretId ¶
func NewAuthBackendRoleSecretId(ctx *pulumi.Context, name string, args *AuthBackendRoleSecretIdArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretId, error)
NewAuthBackendRoleSecretId registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRoleSecretId) ElementType ¶
func (*AuthBackendRoleSecretId) ElementType() reflect.Type
func (*AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutput ¶
func (i *AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
func (*AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutputWithContext ¶
func (i *AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
type AuthBackendRoleSecretIdArgs ¶
type AuthBackendRoleSecretIdArgs struct { // Unique name of the auth backend to configure. Backend pulumi.StringPtrInput // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayInput // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The name of the role to create the SecretID for. RoleName pulumi.StringInput // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringPtrInput // Set to `true` to use the wrapped secret-id accessor as the resource ID. // If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or // invalidated through unwrapping. WithWrappedAccessor pulumi.BoolPtrInput // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRoleSecretId resource.
func (AuthBackendRoleSecretIdArgs) ElementType ¶
func (AuthBackendRoleSecretIdArgs) ElementType() reflect.Type
type AuthBackendRoleSecretIdArray ¶
type AuthBackendRoleSecretIdArray []AuthBackendRoleSecretIdInput
func (AuthBackendRoleSecretIdArray) ElementType ¶
func (AuthBackendRoleSecretIdArray) ElementType() reflect.Type
func (AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput ¶
func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
func (AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext ¶
func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
type AuthBackendRoleSecretIdArrayInput ¶
type AuthBackendRoleSecretIdArrayInput interface { pulumi.Input ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput ToAuthBackendRoleSecretIdArrayOutputWithContext(context.Context) AuthBackendRoleSecretIdArrayOutput }
AuthBackendRoleSecretIdArrayInput is an input type that accepts AuthBackendRoleSecretIdArray and AuthBackendRoleSecretIdArrayOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIdArrayInput` via:
AuthBackendRoleSecretIdArray{ AuthBackendRoleSecretIdArgs{...} }
type AuthBackendRoleSecretIdArrayOutput ¶
type AuthBackendRoleSecretIdArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIdArrayOutput) ElementType ¶
func (AuthBackendRoleSecretIdArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIdArrayOutput) Index ¶
func (o AuthBackendRoleSecretIdArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput ¶
func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
func (AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext ¶
func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
type AuthBackendRoleSecretIdInput ¶
type AuthBackendRoleSecretIdInput interface { pulumi.Input ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput }
type AuthBackendRoleSecretIdMap ¶
type AuthBackendRoleSecretIdMap map[string]AuthBackendRoleSecretIdInput
func (AuthBackendRoleSecretIdMap) ElementType ¶
func (AuthBackendRoleSecretIdMap) ElementType() reflect.Type
func (AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput ¶
func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
func (AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext ¶
func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
type AuthBackendRoleSecretIdMapInput ¶
type AuthBackendRoleSecretIdMapInput interface { pulumi.Input ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput ToAuthBackendRoleSecretIdMapOutputWithContext(context.Context) AuthBackendRoleSecretIdMapOutput }
AuthBackendRoleSecretIdMapInput is an input type that accepts AuthBackendRoleSecretIdMap and AuthBackendRoleSecretIdMapOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIdMapInput` via:
AuthBackendRoleSecretIdMap{ "key": AuthBackendRoleSecretIdArgs{...} }
type AuthBackendRoleSecretIdMapOutput ¶
type AuthBackendRoleSecretIdMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIdMapOutput) ElementType ¶
func (AuthBackendRoleSecretIdMapOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIdMapOutput) MapIndex ¶
func (o AuthBackendRoleSecretIdMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput ¶
func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
func (AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext ¶
func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
type AuthBackendRoleSecretIdOutput ¶
type AuthBackendRoleSecretIdOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIdOutput) Accessor ¶
func (o AuthBackendRoleSecretIdOutput) Accessor() pulumi.StringOutput
The unique ID for this SecretID that can be safely logged.
func (AuthBackendRoleSecretIdOutput) Backend ¶
func (o AuthBackendRoleSecretIdOutput) Backend() pulumi.StringPtrOutput
Unique name of the auth backend to configure.
func (AuthBackendRoleSecretIdOutput) CidrLists ¶
func (o AuthBackendRoleSecretIdOutput) CidrLists() pulumi.StringArrayOutput
If set, specifies blocks of IP addresses which can perform the login operation using this SecretID.
func (AuthBackendRoleSecretIdOutput) ElementType ¶
func (AuthBackendRoleSecretIdOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIdOutput) Metadata ¶
func (o AuthBackendRoleSecretIdOutput) Metadata() pulumi.StringPtrOutput
A JSON-encoded string containing metadata in key-value pairs to be set on tokens issued with this SecretID.
func (AuthBackendRoleSecretIdOutput) Namespace ¶
func (o AuthBackendRoleSecretIdOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleSecretIdOutput) RoleName ¶
func (o AuthBackendRoleSecretIdOutput) RoleName() pulumi.StringOutput
The name of the role to create the SecretID for.
func (AuthBackendRoleSecretIdOutput) SecretId ¶
func (o AuthBackendRoleSecretIdOutput) SecretId() pulumi.StringOutput
The SecretID to be created. If set, uses "Push" mode. Defaults to Vault auto-generating SecretIDs.
func (AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput ¶
func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext ¶
func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdOutput) WithWrappedAccessor ¶
func (o AuthBackendRoleSecretIdOutput) WithWrappedAccessor() pulumi.BoolPtrOutput
Set to `true` to use the wrapped secret-id accessor as the resource ID. If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.
func (AuthBackendRoleSecretIdOutput) WrappingAccessor ¶
func (o AuthBackendRoleSecretIdOutput) WrappingAccessor() pulumi.StringOutput
The unique ID for the response-wrapped SecretID that can be safely logged.
func (AuthBackendRoleSecretIdOutput) WrappingToken ¶
func (o AuthBackendRoleSecretIdOutput) WrappingToken() pulumi.StringOutput
The token used to retrieve a response-wrapped SecretID.
func (AuthBackendRoleSecretIdOutput) WrappingTtl ¶
func (o AuthBackendRoleSecretIdOutput) WrappingTtl() pulumi.StringPtrOutput
If set, the SecretID response will be [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) and available for the duration specified. Only a single unwrapping of the token is allowed.
type AuthBackendRoleSecretIdState ¶
type AuthBackendRoleSecretIdState struct { // The unique ID for this SecretID that can be safely logged. Accessor pulumi.StringPtrInput // Unique name of the auth backend to configure. Backend pulumi.StringPtrInput // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayInput // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The name of the role to create the SecretID for. RoleName pulumi.StringPtrInput // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringPtrInput // Set to `true` to use the wrapped secret-id accessor as the resource ID. // If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or // invalidated through unwrapping. WithWrappedAccessor pulumi.BoolPtrInput // The unique ID for the response-wrapped SecretID that can // be safely logged. WrappingAccessor pulumi.StringPtrInput // The token used to retrieve a response-wrapped SecretID. WrappingToken pulumi.StringPtrInput // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrInput }
func (AuthBackendRoleSecretIdState) ElementType ¶
func (AuthBackendRoleSecretIdState) ElementType() reflect.Type
type AuthBackendRoleState ¶
type AuthBackendRoleState struct { // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrInput // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringPtrInput // The name of the role. RoleName pulumi.StringPtrInput // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayInput // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrInput // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type GetAuthBackendRoleIdArgs ¶
type GetAuthBackendRoleIdArgs struct { // The unique name for the AppRole backend the role to // retrieve a RoleID for resides in. Defaults to "approle". Backend *string `pulumi:"backend"` // The namespace of the target resource. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured namespace. // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` // The name of the role to retrieve the Role ID for. RoleName string `pulumi:"roleName"` }
A collection of arguments for invoking getAuthBackendRoleId.
type GetAuthBackendRoleIdOutputArgs ¶
type GetAuthBackendRoleIdOutputArgs struct { // The unique name for the AppRole backend the role to // retrieve a RoleID for resides in. Defaults to "approle". Backend pulumi.StringPtrInput `pulumi:"backend"` // The namespace of the target resource. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured namespace. // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput `pulumi:"namespace"` // The name of the role to retrieve the Role ID for. RoleName pulumi.StringInput `pulumi:"roleName"` }
A collection of arguments for invoking getAuthBackendRoleId.
func (GetAuthBackendRoleIdOutputArgs) ElementType ¶
func (GetAuthBackendRoleIdOutputArgs) ElementType() reflect.Type
type GetAuthBackendRoleIdResult ¶
type GetAuthBackendRoleIdResult struct { Backend *string `pulumi:"backend"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Namespace *string `pulumi:"namespace"` // The RoleID of the role. RoleId string `pulumi:"roleId"` RoleName string `pulumi:"roleName"` }
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleId ¶
func GetAuthBackendRoleId(ctx *pulumi.Context, args *GetAuthBackendRoleIdArgs, opts ...pulumi.InvokeOption) (*GetAuthBackendRoleIdResult, error)
Reads the Role ID of an AppRole from a Vault server.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { role, err := appRole.GetAuthBackendRoleId(ctx, &approle.GetAuthBackendRoleIdArgs{ Backend: pulumi.StringRef("my-approle-backend"), RoleName: "my-role", }, nil) if err != nil { return err } ctx.Export("role-id", role.RoleId) return nil }) }
``` <!--End PulumiCodeChooser -->
type GetAuthBackendRoleIdResultOutput ¶
type GetAuthBackendRoleIdResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleIdOutput ¶
func GetAuthBackendRoleIdOutput(ctx *pulumi.Context, args GetAuthBackendRoleIdOutputArgs, opts ...pulumi.InvokeOption) GetAuthBackendRoleIdResultOutput
func (GetAuthBackendRoleIdResultOutput) Backend ¶
func (o GetAuthBackendRoleIdResultOutput) Backend() pulumi.StringPtrOutput
func (GetAuthBackendRoleIdResultOutput) ElementType ¶
func (GetAuthBackendRoleIdResultOutput) ElementType() reflect.Type
func (GetAuthBackendRoleIdResultOutput) Id ¶
func (o GetAuthBackendRoleIdResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAuthBackendRoleIdResultOutput) Namespace ¶
func (o GetAuthBackendRoleIdResultOutput) Namespace() pulumi.StringPtrOutput
func (GetAuthBackendRoleIdResultOutput) RoleId ¶
func (o GetAuthBackendRoleIdResultOutput) RoleId() pulumi.StringOutput
The RoleID of the role.
func (GetAuthBackendRoleIdResultOutput) RoleName ¶
func (o GetAuthBackendRoleIdResultOutput) RoleName() pulumi.StringOutput
func (GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput ¶
func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput() GetAuthBackendRoleIdResultOutput
func (GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext ¶
func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext(ctx context.Context) GetAuthBackendRoleIdResultOutput